Re: Issues with kexec on arm64

public inbox for linux-arm-kernel@lists.infradead.org
 help / color / mirror / Atom feed

From: Will Deacon <will@kernel.org>
To: Itai Handler <itai.handler@gmail.com>
Cc: linux-kernel@vger.kernel.org,
	linux-arm-kernel@lists.infradead.org, mark.rutland@arm.com,
	ardb@kernel.org, usamaarif642@gmail.com
Subject: Re: Issues with kexec on arm64
Date: Fri, 3 Jan 2025 16:16:38 +0000	[thread overview]
Message-ID: <20250103161637.GA3921@willie-the-truck> (raw)
In-Reply-To: <CAFpOueSJFyAa2q=0S5Ch6cCy_ORKBV8Y-FUTq6bTky37LJ7M_A@mail.gmail.com>

On Tue, Dec 24, 2024 at 01:36:41PM +0200, Itai Handler wrote:
> [Sorry about my previous e-mail on this subject. It got corrupted.
> Please ignore it.]
> 
> Hello,
> 
> I'm encountering kernel panics / system hangs when attempting to
> kexec a vmlinux file on arm64 architecture.
> 
> It happens both on qemu and on real hardware.
> 
> These issues occur on all kernels from v4.19 to the latest mainline.

I think other folks have been using kexec on arm64, so something smells
fishy here. Is the issue intermittent?

> A sample panic output looks as follows:
>   kernel BUG at arch/arm64/mm/mmu.c:217!
>   Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
>   CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0 #292
>   Hardware name: linux,dummy-virt (DT)
>   pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
>   pc : __create_pgd_mapping+0xe8/0x3b0
>   lr : __create_pgd_mapping+0x44/0x3b0
>   sp : fffffe00804d3c20
>   x29: fffffe00804d3c20 x28: fffffe0080620000 x27: fffffffefdbc0000
>   x26: fffffe0080300000 x25: 0000000040010000 x24: fffffffefdbc8020
>   x23: fffffe0080010000 x22: 0000000000000040 x21: fffffe0080010000
>   x20: fffffe0080300000 x19: 0040000000000783 x18: 0000000000000000
>   x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
>   x14: fffffffefdde0000 x13: fffffe00804d3c78 x12: 0000000000001d68
>   x11: 0000000000001d64 x10: fffffe00804d3c2c x9 : fffffffefdde0000
>   x8 : 0000000040420000 x7 : 0000000000001d68 x6 : 0000000000000000
>   x5 : fffffe00a0010000 x4 : 0000000000001004 x3 : fffffe0480010000
>   x2 : fffffe00804f7ec0 x1 : 0000000000000000 x0 : 0000000000000000
>   Call trace:
>    __create_pgd_mapping+0xe8/0x3b0
>    map_kernel_segment+0x74/0xb0
>    paging_init+0xec/0x4f8
>    setup_arch+0x234/0x52c
>    start_kernel+0x64/0x500
>    __primary_switched+0xb4/0xbc
>   Code: f9400300 92400400 f1000c1f 54000060 (d4210000)
>   ---[ end trace 0000000000000000 ]---
>   Kernel panic - not syncing: Oops - BUG: Fatal exception

So this explodes because we find a page-table entry at the pmd level
that we don't like the look of:

  - It's not a block entry
  - It's not all zeroes
  - It's also not a table

Sadly, the actual value is clobbered by the time we take the BUG():

   0:	f9400300	ldr	x0, [x24]
   4:	92400400	and	x0, x0, #0x3
   8:	f1000c1f	cmp	x0, #0x3
   c:	54000060	b.eq	0x18  // b.none
  10:*	d4210000	brk	#0x800		<-- trapping instruction

Maybe dumping 'pmd_val(pmd)' before we crash would be instructive? Maybe
it's a pointer...

> I bisected those panics to 8eb7e28d4c642c310f25c18f80a44dd4b01c694e
> ("arm64/mm: move runtime pgds to rodata"), which was added on v4.19.

Hmm. I wonder if the rodata section isn't being loaded properly? Can you
add some traces to check that, please?

Will

next prev parent reply	other threads:[~2025-01-03 16:18 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-12-24 11:36 Issues with kexec on arm64 Itai Handler
2025-01-03 16:16 ` Will Deacon [this message]
2025-01-05 14:46   ` Itai Handler
2025-02-11 18:36     ` Will Deacon
2025-01-06 14:02 ` Mark Rutland
2025-01-07  9:46   ` Itai Handler
  -- strict thread matches above, loose matches on Subject: below --
2024-12-24 10:37 Itai Handler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250103161637.GA3921@willie-the-truck \
    --to=will@kernel.org \
    --cc=ardb@kernel.org \
    --cc=itai.handler@gmail.com \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mark.rutland@arm.com \
    --cc=usamaarif642@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox